Skip to main content
TraceCodeTraceCode

Privacy Policy

Privacy Policy

Last updated: April 8, 2026

This Privacy Policy explains how TraceCode ("we", "us", or "our") collects, uses, and protects your personal data when you use our interactive code visualization platform ("the Service"). We are committed to protecting your privacy and being transparent about our data practices.

1. Information We Collect

a. Account Information

When you create an account, we collect your name, email address, and profile picture. This data is stored and managed by our authentication provider (Clerk). If you sign in with a third-party service like Google, we receive basic profile information from that provider.

b. Analytics Data

With your explicit consent, we collect anonymous usage data such as page views, feature interactions, and performance metrics using a privacy-focused analytics platform. Analytics data is only collected if you opt in via our cookie banner. You can withdraw consent at any time.

c. Locally Stored Data

We store the following in your browser's local storage. This data never leaves your device and is not sent to our servers:

  • Theme preference — your light or dark mode choice
  • Tutorial completion — whether you've finished the onboarding tour
  • Cookie consent — your cookie preference selection

d. Code You Write

Code you enter in the editor is sent to our servers for execution and is not stored after the response is returned. In real-time collaboration rooms, code is synchronized between participants via WebSocket connections and is not permanently stored after the session ends. Saved traces are stored on our servers and are accessible only to you.

e. Server Logs

Our servers log IP addresses temporarily for rate-limiting, abuse prevention, and security monitoring. These logs are automatically purged within 30 days.

2. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To authenticate you and manage your account
  • To process Premium subscriptions and payments
  • To improve the Service based on aggregated, anonymous analytics (only with your consent)
  • To prevent abuse, enforce rate limits, and ensure security
  • To send important service-related communications (e.g., security alerts, billing notices)

We do not sell your personal data. We do not use your data for advertising. We do not use your code for training machine learning models.

3. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract performance — to provide the Service you signed up for
  • Consent — for analytics cookies (you can withdraw at any time)
  • Legitimate interest — for security, abuse prevention, and service improvement

4. Third-Party Services

We use a small number of trusted third-party services:

  • Clerk — Authentication and user management. Privacy Policy
  • PostHog — Privacy-focused analytics (only with your consent). Data is hosted in the EU. Privacy Policy

We do not share your personal data with any other third parties except as required by law.

5. Cookies & Tracking Technologies

We use cookies and browser local storage to operate the Service. Here is a full breakdown of what we store and why.

a. Essential Cookies (Always Active)

Required for the Service to function. These cannot be disabled.

Cookie / StoragePurposeDuration
__clerk_*Authentication and session managementSession / persistent
codetrace-cookie-consentRemembers your cookie preferencePersistent (localStorage)

b. Functional Storage (Always Active)

Stored in your browser's localStorage. Never sent to our servers.

KeyPurposeDuration
codetrace-themeLight/dark theme preferencePersistent
codetrace-tutorial-doneOnboarding tutorial completionPersistent

c. Analytics Cookies (Require Your Consent)

Only set if you opt in via the cookie banner. Help us understand how TraceCode is used so we can improve the experience.

CookiePurposeDuration
ph_*Anonymous usage analytics1 year

d. Managing Your Preferences

  • Cookie banner — appears on your first visit to let you accept or reject analytics cookies.
  • User menu— select "Cookie Preferences" at any time to change your choice.
  • Browser settings — you can block or delete cookies in your browser. Note that blocking essential cookies will break authentication.

6. Data Storage & Security

Account data is stored by Clerk in their SOC 2-compliant infrastructure. Lesson and trace data is stored in an encrypted server-side database. All connections to TraceCode use HTTPS/WSS encryption in transit. We follow industry-standard security practices including rate limiting, input validation, and webhook signature verification. However, no method of transmission over the Internet is 100% secure.

7. Your Rights

If you are in the European Economic Area (EEA) or a jurisdiction with similar data protection laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restrict processing — request that we limit how we use your data
  • Withdraw consent — revoke analytics consent at any time via the user menu

To exercise any of these rights, email us at privacy@tracecode.dev. We will respond within 30 days.

8. Data Retention

  • Account data — retained while your account is active; deleted within 30 days of account deletion
  • Analytics data — retained for up to 12 months, then automatically purged
  • Server logs — retained for up to 30 days
  • Collaboration room data — not permanently stored; cleared when the session ends
  • Saved traces and lessons — retained until you delete them or your account

9. Children's Privacy

TraceCode is not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. International Data Transfers

Your data may be processed in countries outside the EEA by our third-party providers. We ensure that adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, to protect your data during such transfers.

11. Changes to This Policy

We may update this Privacy Policy as our practices evolve. If we make material changes, we will notify you by email or through a prominent notice in the Service at least 14 days in advance. The "Last updated" date at the top reflects the most recent revision.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@tracecode.dev.